TLS is Dead, Long Live TLS

The Payment Card Industry (PCI) council have spoken. Early versions of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are now being forced into obscurity by the Payment Card Industry Data Security Standard (PCI DSS) 3.2.1, pushed there by years of security failures and a technological horizon in which those failures will simply not be acceptable.

It's about time, too. TLS 1.0 and SSL are nearly 20 years old.

With that in mind, the PCI council have decided to force the adoption of TLS 1.1 or higher. It does this by requiring payment card handlers to adopt certain security provisions, formalized in the PCI DSS.

While it is not legally binding, it brings the weight of the industry behind it and can exact serious penalties for the non-compliant. And the deadline to do so has just passed.

With the adoption of PCI DSS 3.2.1, those who wanted to remain compliant needed to migrate all of their systems to use at least TLS 1.1 by June 30 to avoid penalties, financial or otherwise. Those who have yet to migrate are in dangerous territory and should do so right away.

Those migrating should consider if they can move to TLS 1.3, as it introduces a number of improvements to TLS including features like Perfect Forward Secrecy, which generates a unique key for each session, meaning that even if an attacker is lucky enough to steal data they will only be able to do so for one session, leaving previous and future sessions protected from further compromise. Furthermore 1.3 prohibits or removes support for a number of weaker cryptographic functions.

Early SSL and TLS versions are by now ridden with vulnerabilities. POODLE, BEAST and CRIME vulnerabilities have all soundly defeated earlier versions, making their continued use an open invitation to cyber-criminals. Yet, crypto-agility continues to be an issue for many organizations.

As an example, though not related to TLS versions, Heartbleed still haunts thousands of systems. Deriving from improper implementations of OpenSSL, the vulnerability affected 17% of the web’s secure servers and could lead to massive theft of credentials, session keys and more.

When it was first discovered in 2014, one commentator noted that in terms of potential impact it could be “the worst vulnerability found since commercial traffic began to flow on the Internet.”

This vulnerability should have been long defeated, given the damage it wrought and the criticality of the bug. A 2017 Shodan analysis of the problem revealed at least 200,000 servers and machines to still be vulnerable to the bug.

Though many already use later versions of TLS, according to the Internet Engineering Task Force (IETF), who devised TLS and SSL, there are a few who still have not. Moreover, some servers, like Windows Server 2008, do not support the use of later versions of TLS so people will need to think about updating past versions.

To help spur adoption, a ballot has been proposed in the IETF to formally deprecate TLS versions 1.0 and 1.1 in order to halt the use of these insecure protocols through application fallback.

What if people don't update? They’ll be inviting the attention of vulnerability-aware cyber-criminals who will find it all the easier to exploit their environment and steal their data.

But that would have, and does, happen anyway. Failure to migrate your servers to those that support TLS 1.1 or higher will risk drawing the attention of the PCI council. Not complying with PCI DSS 3.2.1 requirements means risking monthly fines that can add up from tens, to hundreds of thousands. On top of that the council can suspend the non-compliant organizations ability to handle card payments.

Other services are also enforcing compliance by proxy. PayPal for example, will no longer accept payments from merchant’s whose websites used outdated cryptographic protocols. Furthermore, a variety of browsers may be denied access to e-commerce platforms if they still use early TLS/SSL and are thus unable to securely process payments.

As a best practice, security practitioners should have already updated to at least TLS 1.1 well before June 30. They should upgrade now if they missed the PCI DSS deadline. While they’re at it, they should take the time to ask their vendors how they plan to support TLS 1.2 and 1.3. Doing so will keep organizations ahead of future compliance deadlines, and it is the right thinking to help protect users.